Virtumonde I think?



NY`Neil
2009-01-05, 18:37
Well anyways. I recently have been having trouble with slow computer performance and such. I hear random clicking (Internet Explorer) sounds but no IE window is up. I have Spybot S&D resident up and it constantly is asking me whether to allow or deny some registry additions. It's just annoying. I did a search and Virtumonde and HLS came up; I deleted them both but am still having problems. This is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:48 PM, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\taskmagr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\user\Desktop\VundoFix.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kingsofchaos.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070302
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll
O2 - BHO: (no name) - {A33B53E3-404C-481D-8F9C-33E416E9D865} - C:\Program Files\Internet Explorer\fzsKetNt.Ps2
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKLM\..\Policies\Explorer\Run: [Alcmtr] anyone360.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - AppInit_DLLs: 66F70815.dll,hjcjhlfl.dll,A79F0EDE.dll,eapapoen.dll,aclafopb.dll,jonfbehd.dll,A4DA8C49.dll,B4182D00.dll,hjdhefeb.dll,ioafefnb.dll,49B7E82A.dll,achgofgl.dll,478F1BC1.dll,HBmhly.dll,HBWULIN2.dll,HBKDXY.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBCHIBI.dll,CE72329C.dll,CAB0945B.dll,4CCB7631.dll,DDD54934.dll,ahjlkldf.dll,ebbkdbgm.dll,edihgnng.dll,pghfdakb.dll,2590399A.dll,akkgdcah.dll,690D366E.dll,35533C5A.dll,llkeopng.dll,focecgbo.dll,lhjoijpo.dll
O21 - SSODL: 478F1BC1 - {478F1BC1-5C0D-4DFA-B7D7-FF937F65EA77} - C:\WINDOWS\system32\478F1BC1.dll
O21 - SSODL: B4182D00 - {B4182D00-8F6E-4C9C-B14F-7282F84B911F} - C:\WINDOWS\system32\B4182D00.dll
O21 - SSODL: EA9A98E7 - {EA9A98E7-D974-4105-A949-2AECE4A19919} - C:\WINDOWS\system32\eapapoen.dll
O21 - SSODL: A4DA8C49 - {A4DA8C49-09C0-46C4-92CA-BAB632B36107} - C:\WINDOWS\system32\A4DA8C49.dll
O21 - SSODL: A79F0EDE - {A79F0EDE-5AF1-4FF6-B2DD-04B13AE46BCF} - C:\WINDOWS\system32\A79F0EDE.dll
O21 - SSODL: 387FBE1D - {387FBE1D-EBDB-490A-A394-C853BBD1E501} - C:\WINDOWS\system32\jonfbehd.dll
O21 - SSODL: 13C315F5 - {13C315F5-1E81-41E7-975F-27D8FA95688A} - C:\WINDOWS\system32\hjcjhlfl.dll
O21 - SSODL: 66F70815 - {66F70815-E263-4225-8B61-F6046A402052} - C:\WINDOWS\system32\66F70815.dll
O21 - SSODL: AC108F05 - {AC108F05-BA03-4103-9236-D8C2697F19D2} - C:\WINDOWS\system32\achgofgl.dll
O21 - SSODL: 49B7E82A - {49B7E82A-B9F9-41EE-8A8C-E184B7E6F04F} - C:\WINDOWS\system32\49B7E82A.dll
O21 - SSODL: 28AFEF7B - {28AFEF7B-0012-4F6B-A6E7-08121AEC40C5} - C:\WINDOWS\system32\ioafefnb.dll
O21 - SSODL: 13D1EFEB - {13D1EFEB-C7B7-444E-A79B-A97E4032228F} - C:\WINDOWS\system32\hjdhefeb.dll
O21 - SSODL: A13545DF - {A13545DF-F390-4BB2-B4DE-F56FB85E82EF} - C:\WINDOWS\system32\ahjlkldf.dll
O21 - SSODL: 51382398 - {51382398-F318-461E-B242-FE407827E953} - C:\WINDOWS\system32\lhjoijpo.dll
O21 - SSODL: AC5AF89B - {AC5AF89B-F71D-442F-8696-FE880016281F} - C:\WINDOWS\system32\aclafopb.dll
O21 - SSODL: 901FDA4B - {901FDA4B-8AC7-4F57-B04D-06B4CEC0CDBA} - C:\WINDOWS\system32\pghfdakb.dll
O21 - SSODL: 2590399A - {2590399A-64F7-42EA-887E-0C6BC89D10DA} - C:\WINDOWS\system32\2590399A.dll
O21 - SSODL: ED210770 - {ED210770-0D35-44B5-A3A8-CF7E2B8A83C7} - C:\WINDOWS\system32\edihgnng.dll
O21 - SSODL: A440DCA1 - {A440DCA1-A936-47E3-93C3-99E99E7226D9} - C:\WINDOWS\system32\akkgdcah.dll
O21 - SSODL: 690D366E - {690D366E-352C-48D9-A7FB-FA6B02E151C2} - C:\WINDOWS\system32\690D366E.dll
O21 - SSODL: 35533C5A - {35533C5A-DECA-4B2A-8ED5-3757E8264290} - C:\WINDOWS\system32\35533C5A.dll
O21 - SSODL: 554E8970 - {554E8970-0DFD-496D-8216-002AACB48B9B} - C:\WINDOWS\system32\llkeopng.dll
O21 - SSODL: F8CEC0B8 - {F8CEC0B8-A843-4EDA-87D5-4644D335D714} - C:\WINDOWS\system32\focecgbo.dll
O21 - SSODL: EBB4DB06 - {EBB4DB06-F9B0-4B62-86A4-75D3C0337C1B} - C:\WINDOWS\system32\ebbkdbgm.dll
O21 - SSODL: DDD54934 - {DDD54934-DC4D-4344-A015-91183422AEE6} - C:\WINDOWS\system32\DDD54934.dll
O21 - SSODL: 4CCB7631 - {4CCB7631-47EC-4702-B72F-F93D7F2DBC34} - C:\WINDOWS\system32\4CCB7631.dll
O21 - SSODL: CAB0945B - {CAB0945B-B79E-4795-AB52-50AA6116C14A} - C:\WINDOWS\system32\CAB0945B.dll
O21 - SSODL: CE72329C - {CE72329C-3AF7-4E04-B9EB-E35CD69BF333} - C:\WINDOWS\system32\CE72329C.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10504 bytes
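The log above shows the persistence pattern that made Vundo/Virtumonde recognisable at the time: a long O20 AppInit_DLLs list and a block of O21 SSODL (ShellServiceObjectDelayLoad) entries, all pointing at DLLs in system32 with random eight-character names, plus a nameless O2 BHO loading a non-DLL file and an O4 Policies\Explorer\Run entry with a bare filename. The script below is an added triage example written for this page; it is not a tool from the thread, from the helper, or from Trend Micro. It parses HijackThis-style lines and flags exactly those four patterns. The sample input is a constructed excerpt copied from the log in this thread with one clean Spybot line for contrast, and the "eight hex digits or eight lowercase letters" name test is a heuristic that can produce false positives on legitimate DLLs, so its output is a list of lines to look at, not a verdict.

```python
"""Triage a HijackThis log for the Vundo/Virtumonde persistence pattern seen in
this thread: random-named DLLs in AppInit_DLLs (O20) and SSODL (O21), a nameless
BHO (O2) loading a non-DLL file, and a Policies\\Explorer\\Run (O4) bare filename.
Added example for this page; assumptions: plain HJT log text, one entry per line."""
import re

# Vundo-era random names: eight hex digits (66F70815.dll) or eight lowercase
# letters (hjcjhlfl.dll). Heuristic only; a legitimate DLL could match.
RANDOM_DLL = re.compile(r"^(?:[0-9A-Fa-f]{8}|[a-z]{8})\.dll$")

# Constructed sample: lines copied from the log posted in this thread, plus one
# clean Spybot line and one clean O23 service line for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A33B53E3-404C-481D-8F9C-33E416E9D865} - C:\Program Files\Internet Explorer\fzsKetNt.Ps2
O4 - HKLM\..\Policies\Explorer\Run: [Alcmtr] anyone360.exe
O20 - AppInit_DLLs: 66F70815.dll,hjcjhlfl.dll,HBWOW.dll
O21 - SSODL: 478F1BC1 - {478F1BC1-5C0D-4DFA-B7D7-FF937F65EA77} - C:\WINDOWS\system32\478F1BC1.dll
O21 - SSODL: EA9A98E7 - {EA9A98E7-D974-4105-A949-2AECE4A19919} - C:\WINDOWS\system32\eapapoen.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""


def basename(path):
    """Last component of a Windows path, tolerating forward slashes."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip()


def triage(log_text):
    """Return a list of (section, reason, detail) findings for the log."""
    findings = []
    for raw in log_text.splitlines():
        m = re.match(r"^(O\d+) - (.*)$", raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O2" and body.startswith("BHO:"):
            # "BHO: name - {CLSID} - path": nameless BHOs and BHOs whose file
            # is not a .dll are both out of the ordinary.
            parts = [p.strip() for p in body[len("BHO:"):].split(" - ")]
            name, path = parts[0], parts[-1]
            if name == "(no name)" or not path.lower().endswith(".dll"):
                findings.append((section, "BHO with no name or non-DLL file", path))
        elif section == "O4" and "Policies\\Explorer\\Run" in body:
            # Policy Run keys are rarely used by legitimate installers; a bare
            # filename with no directory is doubly worth a look.
            cmd = body.split("]", 1)[-1].strip()
            if "\\" not in cmd:
                findings.append((section, "Policies\\Explorer\\Run with bare filename", cmd))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Any non-empty AppInit_DLLs value is reported; random names are marked.
            for dll in body[len("AppInit_DLLs:"):].split(","):
                dll = dll.strip()
                if dll:
                    tag = " (random name)" if RANDOM_DLL.match(dll) else ""
                    findings.append((section, "AppInit_DLLs entry" + tag, dll))
        elif section == "O21" and body.startswith("SSODL:"):
            # "SSODL: name - {CLSID} - path": flag random-named DLLs only.
            path = body.rsplit(" - ", 1)[-1].strip()
            if RANDOM_DLL.match(basename(path)):
                findings.append((section, "SSODL loading random-named DLL", path))
    return findings


def summary(findings):
    """Count findings per HJT section, e.g. {'O20': 3, 'O21': 2}."""
    counts = {}
    for section, _, _ in findings:
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {detail}")
    print(summary(triage(SAMPLE_LOG)))
```

Run as-is it reports seven lines from the excerpt and leaves the Spybot BHO and the Ad-Aware service alone; pointing `triage` at the full log above would list every one of the O21 entries. The point of keeping the O20 branch unconditional is that AppInit_DLLs is loaded into every process that links user32.dll, so even a single non-random entry there deserves to be accounted for.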

Blade81
2009-01-10, 13:33
Hi

If you still need help with this post a fresh hjt log, please. The one you posted is quite outdated.

Blade81
2009-01-16, 15:47
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.